Commit f18c0934 authored by jschuh@chromium.org's avatar jschuh@chromium.org

2010-07-26 Justin Schuh <jschuh@chromium.org>

        Reviewed by Darin Fisher.

        Check history state against origin before setting
        https://bugs.webkit.org/show_bug.cgi?id=42858

        Tests: fast/loader/stateobjects/replacestate-base-illegal.html
               fast/loader/stateobjects/replacestate-base-legal.html

        * page/History.cpp:
        (WebCore::History::urlForState):
        (WebCore::History::stateObjectAdded):
2010-07-26  Justin Schuh  <jschuh@chromium.org>

        Reviewed by Darin Fisher.

        Check history state when base URL is changed
        https://bugs.webkit.org/show_bug.cgi?id=42858

        * fast/loader/stateobjects/replacestate-base-illegal-expected.txt: Added.
        * fast/loader/stateobjects/replacestate-base-illegal.html: Added.
        * fast/loader/stateobjects/replacestate-base-legal-expected.txt: Added.
        * fast/loader/stateobjects/replacestate-base-legal.html: Added.
        * fast/loader/stateobjects/resources/replacestate-base-pass.html: Added.


git-svn-id: http://svn.webkit.org/repository/webkit/trunk@64077 268f45cc-cd09-0410-ab3c-d52691b4dbfc
parent e378c42f
2010-07-26 Justin Schuh <jschuh@chromium.org>
Reviewed by Darin Fisher.
Check history state when base URL is changed
https://bugs.webkit.org/show_bug.cgi?id=42858
* fast/loader/stateobjects/replacestate-base-illegal-expected.txt: Added.
* fast/loader/stateobjects/replacestate-base-illegal.html: Added.
* fast/loader/stateobjects/replacestate-base-legal-expected.txt: Added.
* fast/loader/stateobjects/replacestate-base-legal.html: Added.
* fast/loader/stateobjects/resources/replacestate-base-pass.html: Added.
2010-07-26 Mark Rowe <mrowe@apple.com>
Disable a test that was added to verify the vendor prefix change that I rolled out in r64071.
This page should trigger an error on attempting to set the URL bar to https://www.test.com/
PASS: Security exception thrown.
<html>
<head>
<base href="https://www.test.com/">
<script>
if (window.layoutTestController)
layoutTestController.dumpAsText();
window.onload = function(){
var msg;
try {
window.history.replaceState({}, {}, 'https://www.test.com/');
msg = document.createTextNode("FAIL: URL bar was changed.");
} catch (e) {
if (e.code == 18)
msg = document.createTextNode("PASS: Security exception thrown.");
else
msg = document.createTextNode("FAIL: Unknown exception thrown.");
}
document.body.appendChild(msg);
};
</script>
</head>
<body>
<p>This page should trigger an error on attempting to set the URL bar to https://www.test.com/</p>
</body>
</html>
<html>
<head>
<base id="base">
<script>
if (window.layoutTestController) {
layoutTestController.dumpAsText();
layoutTestController.waitUntilDone();
}
var url = window.location.href;
url = url.slice(0, url.lastIndexOf('/') + 1) + "resources/";
document.getElementById("base").href = url;
window.onload = function() {
window.history.replaceState({}, {}, "replacestate-base-pass.html");
window.history.go(0);
}
</script>
</head>
</html>
<html>
<head>
<script>
if (window.layoutTestController) {
layoutTestController.dumpAsText();
window.onload = function() {layoutTestController.notifyDone();};
}
</script>
</head>
<body>
PASS: Navigation relative to base element.
</body>
</html>
2010-07-26 Justin Schuh <jschuh@chromium.org>
Reviewed by Darin Fisher.
Check history state against origin before setting
https://bugs.webkit.org/show_bug.cgi?id=42858
Tests: fast/loader/stateobjects/replacestate-base-illegal.html
fast/loader/stateobjects/replacestate-base-legal.html
* page/History.cpp:
(WebCore::History::urlForState):
(WebCore::History::stateObjectAdded):
2010-07-26 Martin Robinson <mrobinson@igalia.com>
Reviewed by Xan Lopez.
......@@ -86,14 +86,7 @@ KURL History::urlForState(const String& urlString)
if (urlString.isEmpty())
return baseURL;
KURL absoluteURL(baseURL, urlString);
if (!absoluteURL.isValid())
return KURL();
if (absoluteURL.string().left(absoluteURL.pathStart()) != baseURL.string().left(baseURL.pathStart()))
return KURL();
return absoluteURL;
return KURL(baseURL, urlString);
}
void History::stateObjectAdded(PassRefPtr<SerializedScriptValue> data, const String& title, const String& urlString, StateObjectType stateObjectType, ExceptionCode& ec)
......@@ -102,7 +95,8 @@ void History::stateObjectAdded(PassRefPtr<SerializedScriptValue> data, const Str
return;
KURL fullURL = urlForState(urlString);
if (!fullURL.isValid()) {
RefPtr<SecurityOrigin> origin = SecurityOrigin::create(fullURL);
if (!fullURL.isValid() || !m_frame->document()->securityOrigin()->isSameSchemeHostPort(origin.get())) {
ec = SECURITY_ERR;
return;
}
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment